• Use locally-generated certificate chain in local tests rather
  than the Twitter one, which changes regularly and breaks the
  test suite unnecessarily. Fixes RT#129201. Thanks to Petr Písař
  for the report and patch, and Steffen Ullrich for an alternative
  patch suggestion.
  
• In t/local/09_ctxnew.t, rather than checking that the functions
  (CTX)get_min_protoversion and (CTX)get_max_proto_version return
  0x0000 (indicating the lowest and highest versions supported by
  libssl respectively, which is not the case if a run-time
  configuration is enforcing a different minimum or maximum), just
  check whether the returned value is one of those mentioned on the
  SSL_CTX_set_min_proto_version(3) man page. Partially fixes
  RT#128025. Thanks to Slaven Rezić and Dmytro Zagashev for the
  downstream reports.
  
• Move from 1024-bit keys/certificates to 2048-bit keys/certificates
  across the entire test suite. This removes the need to manually
  set the security level to 1 in tests that used the old keys, and
  fixes large numbers of test failures on modern Linux distributions
  that set the minimum OpenSSL security level to 2. Fixes RT#126270
  and the remainder of RT#128025. Thanks to Petr Písař and Slaven
  Rezić for the downstream reports.
  
• In t/local/06_tcpecho.t and t/local/07_sslecho.t, connect to
  127.0.0.1 instead of localhost. This fixes these tests when
  executed inside a network sandbox that disrupts the behaviour of
  gethostbyname(). Fixes RT#128207. Thanks to Kent Fredric for the
  downstream report.